The Canada Revenue agency says it won’t have its website back up and running until the weekend due to a potential security threat posed by the 'Heartbleed' encryption bug.
The agency shut down public access to several of its electronic services on Wednesday following warnings that millions of online passwords and sensitive personal information around the world could be exposed to hackers.
“We have received information concerning an Internet security vulnerability named the Heartbleed Bug. As a preventative measure, the CRA has temporarily shut down public access to our online services to safeguard the integrity of the information we hold,” the agency said in a statement.
E-filing, password-protected services including My Account, My Business Account and Represent a Client, as well as Internet portals including EFILE and NETFILE, have been deactivated.
The shutdown comes just three weeks before the April 30 deadline for filing personal income tax returns. The Minister of National Revenue confirmed that Canadians owing income tax for 2013 will be exempt from interest and penalties for the length of time equal to the disruption of online services, the Toronto Star reported.
The CRA’s electronic records hold the personal information – including names, addresses, income, social insurance numbers and banking information – of millions of Canadians. The agency has stringent confidentiality and privacy rules intended to prevent disclosure of tax information.
The Heartbleed bug – which began making headlines on Monday – affects open-source software called OpenSSL, used by two-thirds of online providers, revealing private data including names, passwords, credit card information. Hackers may also be able to snatch up a server’s digital keys enabling the creation of a 'fake' website to trick people into thinking they are visiting a legitimate site.
Canada's big banks have said that there is no threat to their online services as encryption is just one of several safeguards in place to protect accounts, personal information and bank servers. Internet big wigs such as Google, Facebook and Yahoo have also either fixed or are in the process of dealing with the problem.
CRA shuts down website
Hackers gain momentum: Study